By Yussif Ibrahim
Kumasi Oct. 08, GNA – The cyber security maturity level of the health sector compared to sectors such as the banking and telecommunication is low, the Cyber Security Authority (CSA), has revealed.
According to the Authority, six critical-severity and medium-severity vulnerabilities were found in 15 entities within the health sector, during a proactive vulnerability scan conducted by the CSA in the last 18 months.
Dr. Albert Antwi-Boasiako, Director General of CSA, identified no password encryption, outdated software, distributed denial of service, web server misconfiguration, HTTPS not enforced, and verbose error messages, as some of the vulnerabilities found during the exercise.
These were in a speech read on his behalf at the maiden Cyber Security Week organised by the Komfo Anokye Teaching Hospital (KATH) in Kumasi.
It was on the theme, “Securing Health Data in the Age of Misinformation: A collaborative Approach to Digital Resilience.”
The weeklong celebration, which is being spearheaded by the IT Unit of the Hospital, seeks to highlight the vulnerabilities in the management of health data as well as tackling misinformation.
The Director General of CSA advocated a strong collaboration among healthcare providers, sector regulators, cyber security ecosystem regulated by the CSA, other policy makers and the public, to effectively address challenges confronting the sector.
“The CSA prioritise the protection of Critical Information Infrastructure (CII), with health being one of the 13 identified sectors,” Dr. Antwi-Boasiako, indicated.
He said many institutions in the health sector had been designated as CII institutions and were required to adhere to specific directives to ensure protection, emphasing the importance of safeguarding the personal information of clients.
He spoke about the importance of an ongoing development of Ghana’s Computer Emergency Response Team (CERT) to facilitate incident response across various sectors of the economy.
“Ours is a decentralised model in which nine of the 13 critical sectors have been identified to have incident response teams that will work with the national CERT that sits within the CSA,” he elaborated.
He also explained that, “Sectoral CERTs have been established for priority sectors like banking and finance, telecommunications, Government and national Security, while other sectors, such as energy, health, transport and military were at different stages of development.”
The decentralised approach to incident response, according to the Director General, had proven effective in coordinating and responding to cyber security incidents, while ensuring vital information and knowledge sharing within these sectors.
Prof. Otchere Addai-Mensah, Chief Executive Officer (CEO) of KATH, said the facility’s reliance on digital tools and platforms had transformed care delivery and management of patients’ information.
“All our health, financial, demographic and other vital information are continuously being stored and managed with digital tools for which reason no effort should be spared in securing them,” he observed.
With folders and manual papers substantially done away with, management and staff owe it a duty to ensure the system is safeguarded to curtail any catastrophic interruption,he implored.
“Regrettably, these advancements comes with significant challenges particularly concerning the security of health data and the threat by misinformation,” Prof. Addai-Mensah bemoaned.
He expressed grave concern about the growing pursuits by unethical persons across the world to penetrate, manipulate, and control such platforms.
The CEO noted that it had become increasingly imperative for all stakeholders to collectively equip themselves to play their respective roles in protecting the digital platforms of the facility.
GNA